Automotive Supply Chain Best Practice Recommendation
OFTP2: List of Cipher suites
Version No: 1.0 Doc Ref No: OP09 Date: January 2015
Copyright Odette International Ltd
PREFERRED TLS SECURITY FEATURES
TLS versions: 1.0, 1.1 and 1.2 are supported. If the server supports version 1.1 and/or 1.2, it should be able to negotiate down to the version the connecting client supports. This can be done via an automatic process or through manual configuration. All 3 versions are PFS capable; however, 1.2 is the preferred, more secure version.

Perfect Forward Secrecy (PFS): For security reasons, PFS is the recommended and preferred method of key exchange. During the TLS handshake the client system offers the server a list of ciphers. It is strongly recommended to put the PFS ciphers at the top of this list. Typically, the contacted server will then select the first supported cipher, which is likely to be a PFS cipher. If the client offers the appropriate cipher only further down its list of supported ciphers, the server should select a PFS cipher independently of its position in the list. The key exchange must be done via the Diffie-Hellman Ephemeral (DHE) algorithm to facilitate PFS.

Generally, ciphers used for TLS must be up to date. If a cipher has been declared broken, it should no longer be used for TLS. Neither client nor server should offer or select such ciphers.
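The version and cipher selection rules above, written out as an added Python example (not part of the Odette document or of any OFTP2 product). The function names, the BROKEN deny list and the sample suite lists are assumptions constructed for illustration; suite names are IANA names.

```python
# Added illustration of the selection rules; all lists are constructed sample data.
SERVER_VERSIONS = ("1.0", "1.1", "1.2")  # versions the recommendation lists as supported

# Assumption: a locally maintained deny list of suites declared broken.
BROKEN = {"TLS_RSA_WITH_RC4_128_MD5", "TLS_DHE_RSA_WITH_DES_CBC_SHA"}

def is_pfs(suite):
    """PFS as defined in the text: key exchange is Diffie-Hellman Ephemeral (DHE)."""
    return suite.startswith("TLS_DHE_")

def negotiate_version(client_versions, server_versions=SERVER_VERSIONS):
    """Negotiate down to the highest version both sides support, or None."""
    common = set(client_versions) & set(server_versions)
    if not common:
        return None
    return max(common, key=lambda v: tuple(int(p) for p in v.split(".")))

def select_cipher(client_offer, server_supported):
    """Server side: never pick a broken suite; pick a PFS suite regardless of
    its position in the client's list; otherwise the first usable suite."""
    usable = [s for s in client_offer
              if s in server_supported and s not in BROKEN]
    for suite in usable:
        if is_pfs(suite):
            return suite
    return usable[0] if usable else None

def order_client_offer(suites):
    """Client side: drop broken suites and move PFS suites to the top,
    keeping the original relative order (sorted() is stable)."""
    kept = [s for s in suites if s not in BROKEN]
    return sorted(kept, key=lambda s: not is_pfs(s))

# Constructed client offer: PFS suite listed last, two broken suites first.
CLIENT_OFFER = [
    "TLS_RSA_WITH_RC4_128_MD5",
    "TLS_DHE_RSA_WITH_DES_CBC_SHA",
    "TLS_RSA_WITH_AES_128_CBC_SHA",
    "TLS_DHE_RSA_WITH_AES_256_CBC_SHA",
]
SERVER_SUPPORTED = set(CLIENT_OFFER)

if __name__ == "__main__":
    print(negotiate_version(["1.0", "1.1"]))
    print(select_cipher(CLIENT_OFFER, SERVER_SUPPORTED))
    print(order_client_offer(CLIENT_OFFER))
```

Note that a DHE suite on the deny list is still rejected: the key exchange providing PFS does not make up for a broken bulk cipher.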